Splunk Introduces New AI Offerings to Accelerate Detection, Investigation and Response Across ......
Splunk Inc., the cybersecurity and observability leader, today announced Splunk AI, a collection of new AI-powered offerings to enhance its unified security and observability platform. Launched at .conf23, Splunk AI combines automation with human-in-the-loop experiences, so organisations can drive faster detection, investigation and response while controlling how AI is applied to their data. Leaning into its lineage of data visibility and years of innovation in AI and machine learning (ML), Splunk continues to enrich the customer experience by delivering domain-specific insights through its AI capabilities for security and observability.
Splunk AI strengthens human decision-making and threat response through assistive experiences. The offerings empower SecOps, ITOps and engineering teams to automatically mine data, detect anomalies and prioritise critical decisions through intelligent assessment of risk, helping to minimise repetitive processes and human error. Splunk AI optimises domain-specific large language models (LLMs) and ML algorithms built on security and observability data, so SecOps, ITOps and engineering teams are freed up for more strategic work - helping to accelerate productivity and lower costs. Looking forward, Splunk is committed to remaining open and extensible as it integrates AI into its platform, so organisations can extend Splunk AI models or use home-grown and third-party tools.
“Splunk’s purpose is to build a safer, more resilient digital world, and this includes the transparent usage of AI,” said Min Wang, CTO at Splunk. “Looking forward, we believe AI and ML will bring enormous value to security and observability by empowering organisations to automatically detect anomalies and focus their attention where it’s needed most. Our Splunk AI innovations provide domain-specific security and observability insights to accelerate detection, investigation and response while ensuring customers remain in control of how AI uses their data.”
Generate faster outcomes through assisted intelligence
Splunk AI Assistant leverages generative AI to provide an interactive chat experience and helps users author Splunk Processing Language (SPL) using natural language. The app preview fosters an immersive experience where users can ask the AI chatbot to write or explain customised SPL queries to increase their Splunk knowledge. Splunk AI Assistant improves time-to-value and helps make SPL more accessible, further democratising an organisation’s access to, and insights from, its data.
Drive faster, more accurate alerting through new AIOps capabilities
The embedded AI offerings, highlighted below, enable organisations to drive more accurate alerting to build digital resilience:
- With a few clicks, Splunk App for Anomaly Detection provides SecOps, ITOps and engineering teams with a streamlined end-to-end operational workflow to simplify and automate anomaly detection within their environment.
- The IT Service Intelligence 4.17 features greater detection accuracy and faster time-to-value:
  - Outlier Exclusion for Adaptive Thresholding detects and omits abnormal data points or outliers (such as network disruptions or outage spikes) for more precise dynamic thresholds to drive accurate detection within one’s technology environment.
  - The new ML-Assisted Thresholding preview uses historical data and patterns to create dynamic thresholds with just one click, helping to provide more accurate alerting on the health of an organisation's technology environment.
Execute insights-driven, effective anomaly detection through automation
The ML-powered foundational offerings provide organisations access to larger, richer sets of information by extending solutions built on the Splunk platform, so they can drive data-driven decisions:
- The Splunk Machine Learning Toolkit (MLTK) 5.4 provides guided access to ML technology to users of all levels and is one of the most downloaded Splunkbase apps, with over 200k downloads. Through leveraging techniques like forecasting and predictive analytics, SecOps, ITOps and engineering teams can unlock richer ML-powered insights. The new release builds on the open, extensible nature of Splunk AI by enabling customers to bring their externally trained models into Splunk.
- Now available on Splunkbase, Splunk App for Data Science and Deep Learning (DSDL) 5.1 extends MLTK to provide access to additional data science tools to integrate advanced custom machine learning and deep learning systems with Splunk. This release includes two AI assistants that allow customers to leverage LLMs to build and train models with their domain-specific data to support natural language processing.
Empower SecOps Teams with rapid detections
Over the past year, the Splunk Threat Research Team has added 6 ML-powered detections to Splunk Enterprise Security through the Splunk Enterprise Security Content Updates (ESCU) to help security practitioners address ongoing time-sensitive security threats and attack methods.
“We leverage Splunk's Machine Learning Toolkit to detect anomalies in extensive datasets that may have otherwise remained undetected with traditional signature-based methods,” said Matt Snyder, Program Lead - Advanced Security Analytics at VMware. “By incorporating robust machine learning models within Splunk, we eliminate the need for a separate infrastructure for advanced analytics, saving us time and resources.”